Think Dog the Bounty Hunter meets tech. Yet, instead of hunting a person, you will be hunting a computer bug found in systems, protocols or software. For every bug you report, you receive a reward. The reward itself could vary; however, the most popular one is, of course, cash money.

How big a reward can you earn?

In principle, a cash reward can range from a mere hundred dollars to millions per bug reported.

MozillaIn 2004, Mozillaoffered a $500 reward for anyone who reported a critical security vulnerability. Fast forward 10 years and it offered a gleaming $10,000 for certificate verification in its Firefox 31 release. Currently, Mozilla has two bug bounty programs: client and web and services. For client, the reward ranges from $500 to $10,000+, and for web and services, $500-$4,000.

MicrosoftIn late 2013, Microsoft opened its first bug bounty program with the Mitigation Bypass Bounty and Bounty for Defense both rewarding $100,000. The following year, it launched the Online Services bug bounty program with rewards starting at $500. The best news is all of these Microsoft bounties are still waiting for you to report.

Platforms and contests for more available bounties

If you clicked on any of the links from number four, you noticed some companies don’t hold their bug bounty programs independently, but via third-party platforms such as HackerOne and Bugcrowd.

HackerOne was founded by security leaders from Facebook, Microsoft and Google. Once you sign up, you’re able to see which company rewards which people and how much they received under the Hacktivity tab. On the directory tab, you can search companies are currently offering bug bounty programs including those from Twitter, Shopify and Slack.

Hacktivity Interface

Bugcrowd is one of the most well-known bug bounty platforms out there, claiming to have 22,868 security researchers (white hat hackers) having found over 7,521 vulnerabilities for over 200 companies.

According to Planet Zuda Information Security, the strength of BugCrowd lies in its feature called ‘managed bug bounties.’ This feature has the submitted bug report overseen by bugcrowd staff before being passed through to the respective company.

The advantage of this feature is you, as the white hat hacker, are assured that qualified researchers on the other end examine each issue, eliminating any doubt that someone incapable is handling your work. If your report passes BugCrowd researchers’ examination, your chance to get paid by the respective company will be higher.